For some, the absolute locked down-ness is a selling point. Why should those who want to buy something that can't be messed with not be able to?

If you don't want to buy something you can't install whatever you want onto, don't buy it. 100% the ability or inability to modify the firmware of a device should be disclosed, but if it's disclosed the seller should be able to set the policy to whatever they want.




This is an extremely weak argument, and I'd like to stop seeing it perpetuated. If you don't want an unlocked bootloader, just don't unlock your bootloader. Why should we remove the ability to unlock the bootloader entirely just because some people don't want to use it?


Because the fact that it can't be unlocked makes me reasonably reassured that I can trust that the software running on it comes from the vendor of the device.

It's the same reason I don't want "the good guys" to have decryption keys to my messaging service, because even if I did trust the FBI, the fact that there is a backdoor at all means it could be exploited by someone I don't trust.

Again, if you don't want to use a device that has a locked bootloader, don't buy it. I fail to see how this business model should be legally foreclosed upon. You'll always have the option to buy a device that can be unlocked; someone will always sell such a device. But if you can't lock them, then I can't buy one even if I want to.


Phones with unlockable bootloaders aren't going to be sold for much longer just like dumb TVs aren't sold anymore. There's just too much profit to be earned by corporations locking devices, plus banks and governments want to lock down phones. And once they lock down phones they'll go for desktops as well.


Dumb TVs are still sold, they just cost more. Same will probably be true for the low-volume, no-stolen-data (or no-Apple-tax) unlockable phones, too.


Maybe in the US, but not in my country. I tried looking for "signage displays" but all I could find was Samsung professional monitors that still had the smart stuff.


Yeah, this is just a fundamental misunderstanding of how bootloader unlocking works. The people repeating this argument seem to think that their bootloader will unlock if they look at their phone wrong, when in reality the bootloader unlock process can be made such that the user must consent. If some malware can bypass that, then it could bypass your bootloader in the first place.


It's not just about malware you might accidentally download, it's also about adversaries that may have physical access to your device and can provide that consent.

No matter how convoluted you make the Rube Goldberg machine to bypass the cryptography, if there's a way to bypass it, it will be bypassed.


There are ways to do it so that 'bypass' means you effectively wipe the device. If that's not good enough, how do you protect against them just replacing your device with a compromised one that looks similar?


So because we can't eliminate every possibility, we should just give up on all protections?


I think you are misunderstanding my point. You aren't giving anything up by enabling unlocking if the act of unlocking wipes the device.


Please detail this attack vector where someone can compromise a phone with an unlockable bootloader but not one you can't unlock.


That's not what I claimed?


> it's also about adversaries that may have physical access to your device and can provide that consent. No matter how convoluted you make the Rube Goldberg machine to bypass the cryptography, if there's a way to bypass it, it will be bypassed

You claimed that an adversary with physical access to your device can compromise your unlockable phone, but presumably this won't happen with a phone that can't be unlocked. Is that not what you claim? If so, please detail how.


I was talking about a device with an unlockable bootloader, not one that cannot be unlocked.

Wanting an uncompromisable bootloader is about more than just protection against malware that might modify the software on the device; it's about protecting a phone that can be unlocked from having the software modified by someone with the ability to provide the consent that the end user would normally give. For example, when I hand my phone over at customs, or if it's seized by the police. If my bootloader is not unlockable, I haven't provided them with the keys to unlock the software, and those keys are reasonably strong, then I can be reasonably confident they haven't compromised my device.

But if they can unlock the bootloader for whatever reason, I have no idea now what is running on the device or what was run on it, even if they restore it back to a locked condition.


If they unlock the bootloader, the phone will wipe itself, that's what most phones nowadays do.


This is why I had mentioned in another comment that it might make sense to require opening it with a screwdriver to enable/disable some features, and that you can add glitter or something like that if you want to detect physical tampering.


Every device I've ever unlocked warns you on boot that it's unlocked. So if that's your threat model, just reboot the phone after the maid hands it back to you and see if you get a scary warning.


At least historically, that wasn't always fool-proof :-) – I know at least some Motorolas from around ten years ago where the bootloader warning was simply an alternative boot animation, so you could suppress that message by overwriting the "bootloader unlocked" animation with the regular boot animation.
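A small model, added here and not taken from any commenter, vendor firmware or project, of the policy this sub-thread describes: an unlock requires on-device consent and wipes the device, and the boot warning is derived from a monotonic unlock counter in protected storage rather than from a replaceable animation file, so the "reboot and look for the warning" check still works after a relock. The `Device` class, its fields and the scenario functions are hypothetical names chosen for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Device:
    """Constructed model of a phone's boot-time lock state (not any vendor's firmware)."""
    locked: bool = True
    # Monotonic counter kept in tamper-resistant storage; relocking never resets it.
    unlock_count: int = 0
    # Constructed sample user data that a consented unlock must wipe.
    user_data: dict = field(default_factory=lambda: {"photos": 3, "tokens": "abc"})
    # Replaceable media file, like the boot animation an attacker could overwrite.
    boot_animation: str = "normal boot animation"

    def request_unlock(self, on_device_consent: bool) -> bool:
        """Unlock only with physical, on-device consent; a successful unlock wipes data."""
        if not self.locked:
            return True
        if not on_device_consent:
            return False            # software alone (e.g. malware) cannot flip the state
        self.user_data = {}         # wipe: whoever unlocks gets an empty device
        self.unlock_count += 1
        self.locked = False
        return True

    def relock(self) -> None:
        self.locked = True          # lock state changes, but unlock_count keeps the history

    def boot_screen(self) -> str:
        """Warning derived from protected state, so replacing the animation cannot hide it."""
        if not self.locked or self.unlock_count > 0:
            return "WARNING: bootloader has been unlocked"
        return self.boot_animation


def malware_without_consent() -> tuple:
    """Software-only unlock attempt: refused, data intact, normal boot screen."""
    d = Device()
    ok = d.request_unlock(on_device_consent=False)
    return ok, len(d.user_data), d.boot_screen()


def relocked_after_hands_on_unlock() -> tuple:
    """Hands-on unlock, relock and a restored animation file: the owner's reboot check still fires."""
    d = Device()
    d.request_unlock(on_device_consent=True)
    d.relock()
    d.boot_animation = "normal boot animation"   # the animation-swap trick from the comment above
    return d.boot_screen(), len(d.user_data), d.unlock_count
```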


> If you don't want an unlocked bootloader, just don't unlock your bootloader.

That kind of logic cuts both ways: "If you don't want a device with a locked bootloader, just don't buy a device with a locked bootloader."

Unfortunately, as consumers, we're trapped between a rock and a hard place. On the one hand, I would want 100% freedom to use my device exactly as I see fit and run any software I want, without any form of curation from the manufacturer. On the other hand, there are plenty of software companies who do shitty things when given absolute freedom over what to do in a user's device (tracking / spying / etc) and I welcome buying a device where the manufacturer helps me fight some of that.

So I can absolutely see both arguments. And I think both types can coexist. I am happy my iPhone doesn't allow Meta to say "to use WhatsApp, you must install the MetaStore®, give it root and install it from there". I would not be happy with those restrictions on my desktop.


> I am happy my iPhone doesn't allow Meta to say "to use WhatsApp, you must install the MetaStore®, give it root and install it from there".

I think the inverse is a much more credible threat, though. "Sorry, you can't sign in to your bank because you are using Linux. Please try again on Windows 11 with Secure Boot turned on" doesn't seem far-fetched at all.


> "Sorry, you can't sign in to your bank because you are using Linux."

That's not a hypothetical for us here in Brazil: online banking was Windows-only for quite some time, because there was no Linux version of the invasive "security plugin" banks require for online banking (the current version of that "security plugin" has a Linux version).


Not that I would agree with such a policy (I currently do online banking using Linux), but why is it not within the bank's rights to make that restriction? If they determine (with whatever degree of accuracy) that online banking from Linux/rooted Androids/jailbroken iPhones is too risky, why should they be required to allow it?


I don't think I asserted that it isn't within their rights. But this is the direction things are headed, and it is a threat to free and libre computing.


> I am happy my iPhone doesn't allow Meta to say "to use WhatsApp, you must install the MetaStore®, give it root and install it from there". I would not be happy with those restrictions on my desktop.

You fix that by making root access inconvenient enough that companies can't rely on the average random user having it enabled.

For example, force you to wipe the device to unlock it, as another person said in another comment. Or make it so that if you don't unlock it within 7 days of the device purchase and first boot, you cannot unlock it anymore.


> You fix that by making root access inconvenient enough that companies can't rely on the average random user having it enabled.

AI TikTok voice: "Hey guys, if you just bought a new iPhone, make sure you remove Apple's restriction locks so they can't control what you install. Just follow these easy steps, but make sure you do it as soon as possible, since you'll have to set up your phone again!"

With the comments filled with people talking about how terrible Apple is for locking down their phones, everyone’s an idiot for buying such a locked down phone so they better at least unlock the bootloader, etc.

This is not a far-fetched scenario based on some videos I’ve seen sent to me by friends.


Don't forget in the video to tell them that it will allow them to install apps that get them more performance, better battery life, better cell signal, etc.


I would also be happy with those restrictions on a traditional PC-class computing device (laptop or desktop). Would I personally buy one? Probably not, but I'd feel a whole hell of a lot better if my non-techie wife or mother or brother were using one and they were no more susceptible to some kind of exploit on their PC device than they were on their phone.

That's the whole thing: there should be choice.


I could see Microsoft saying "we're only allowing apps installed through our 'store', for safety/security reasons, unless you opt out (gated by some scary warning that doing so is unsafe)."

Even if they never charged a fee for running the store, I bet this would raise a lot of eyebrows.


Microsoft has been going in the opposite direction. Nowadays you can post any Win32 app to the store; they are loosening, not tightening.


I haven't used it in ages, but last I looked their store was entirely pointless. I wouldn't be surprised if they just got rid of it altogether.

My point was more about how people would react if MS did such a thing (i.e. installs to come from the store by default).


Those restrictions aren't on your desktop, where you do have root. Why would they be on your phone if you had root on that?


They are on your desktop. Have you tried installing any game you bought through Steam lately? They all install a custom launcher / updater / stuff that ends up in startup.


Literally 0 games I own on steam have any startup items. Custom launchers yes, but not startup items. A few games have kernel anticheat, but they all start with the game.

The exception is FaceIt for Counter-Strike, but that's not distributed through Steam and is entirely third-party.


What? No they don't. I'm not saying that no game does this, but I play lots of games on Steam and none of the ones I play do it.


I think that making a suitable operating system design can help with avoiding some of these problems (and others mentioned elsewhere); I had mentioned some of my ideas about operating system design before on Hacker News. In combination with this, there is also hardware design to consider (including considerations having to do with the instruction set). You can also have a package manager with a package repository where whoever manages the package repository will verify the packages (something that is already done in many systems, although the verification that is already done is often not good enough in some ways). This package repository management is not actually necessary for the security features of the system, but it makes it more difficult for authors of programs to work around these security features.


> And I think both types can coexist.

E.g. macOS.
